NAT B2B High Availability

We have been trying to implement NAT box 2 box between two 3925 routers.

We have successfully configured it, but because of the asymmetric routing configured on the WAN interface, there is a problem: the input queue of the WAN interface gets filled on the standby router. After upgrading the router this has stopped, but we also upgraded the primary router and now the input queue of the WAN interface on the primary router gets filled.

The config is as shown below:

application redundancy
 group 1
  priority 150
  control GigabitEthernet0/2.1 protocol 1
  data GigabitEthernet0/2.2
  asymmetric-routing interface GigabitEthernet0/2.3
  asymmetric-routing always-divert enable
 protocol 1
  timers hellotime msec 500 holdtime msec 2000


interface GigabitEthernet0/0
 description ***** LAN *****
 ip address x.x.x.x secondary
 ip address x.x.x.x
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map bc
 load-interval 30
 duplex auto
 speed auto
 redundancy rii 100
 redundancy group 1 ip x.x.x.1 exclusive decrement 100


interface GigabitEthernet0/1.xxxx
 description ***** INTERNET-WAN ******
 encapsulation dot1Q xxxx
 ip address x.x.x.x
 ip nat outside
 ip virtual-reassembly in
 redundancy rii 101
 redundancy asymmetric-routing enable


interface GigabitEthernet0/2.1
 description "RG Control Interface"
 encapsulation dot1Q 21
 ip address

interface GigabitEthernet0/2.2
 description "RG Data Interface"
 encapsulation dot1Q 22
 ip address

interface GigabitEthernet0/2.3
 description "RG Asym_routing Inteface"
 encapsulation dot1Q 23
 ip address

ip nat inside source list NAT-POOL-IN pool NAT-POOL-OUT redundancy 1 mapping-id 120 overload

Any help would be appreciated.




Could you move the WAN interface onto a dedicated physical interface? Then it would have a full set of buffers dedicated to it, and the redundancy group traffic would be separated from it.

It sounds a bit like the routers are under more load than they can handle. What sort of CPU load are you running at?


The WAN interface is a dedicated interface mainly for the ISP, but the issue is that the ISP requires this setup, hence we need to make a subinterface.

The load on the CPU doesn't cross 60% as far as I saw.

This was noticed with IOS 15.4(3)-M2/IOS 15.4(3)-M3 on the standby router, and the active router was having no issues at all.

Once we upgraded both routers to 15.4(3)-M4, the standby router's input queue became more stable than before, but the active router's queue gets filled up so fast that even after increasing the queue size to 24000 it got filled to 2000 within 10 mins.


So to be clear, the issue did not exist before the IOS upgrade to 15.4(3)M4? If so, then it has to be an IOS issue.

That is a gold star release and usually pretty good. I suspect you might need to downgrade unless there was a compelling reason to upgrade.